Static task
static1
Behavioral task
behavioral1
Sample
2f72afbef1ab4deca0d50a836d62ce84_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
2f72afbef1ab4deca0d50a836d62ce84_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
2f72afbef1ab4deca0d50a836d62ce84_JaffaCakes118
Size
11KB
MD5
2f72afbef1ab4deca0d50a836d62ce84
SHA1
0baa76196726e9043f38b15e43276f4829ef62f9
SHA256
6249544f59f7df1b33e617f894657eb155cbdeafa96ceed66fb84b75d5422c65
SHA512
0fc42111b5232a750cee0159545dae232793d8468f3fe07e96da31cc9a1b5e1b6cc19429375285a2eb4ef78d147f00d0b65953688f996feb470e278a7fbac6a2
SSDEEP
192:hByz6+s74BxyPlh2lOKKUwDxJPCc9oaXyVPLZLqBt/A:hBAxs74BCYKPDPPT9C9LZLqBt/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f72afbef1ab4deca0d50a836d62ce84_JaffaCakes118
Files
2f72afbef1ab4deca0d50a836d62ce84_JaffaCakes118.exe windows:4 windows x86 arch:x86
1db6f2b43fbd92a9135a68126e8df09a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TerminateProcess
MoveFileExA
DeviceIoControl
SetFilePointer
LocalLock
GetCommandLineA
GetFileAttributesA
CreateEventW
WaitForMultipleObjects
OpenEventA
LeaveCriticalSection
GetVersionExA
CreateDirectoryA
GetDriveTypeA
LocalFileTimeToFileTime
SetLastError
GetExitCodeProcess
FreeLibrary
CloseHandle
GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
ExpandEnvironmentStringsA
DosDateTimeToFileTime
SetFileTime
GetFileSize
EnterCriticalSection
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceA
SystemTimeToFileTime
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateEventA
GetCurrentDirectoryA
SetFileAttributesA
QueryDosDeviceA
GetUserDefaultUILanguage
GetCurrentProcess
LoadLibraryA
CreateProcessA
SetEndOfFile
CopyFileA
GetCurrentThreadId
DeleteFileA
GetModuleFileNameA
GetModuleHandleA
QueryPerformanceCounter
CreateThread
SetErrorMode
FlushFileBuffers
WaitForSingleObject
GetProcessHeap
WriteFile
ExitProcess
HeapFree
RemoveDirectoryA
DeleteCriticalSection
GetProcAddress
SetEvent
MoveFileA
FindClose
GetSystemDirectoryA
ReadFile
CreateFileA
WideCharToMultiByte
Sleep
GetSystemTime
advapi32
InitiateSystemShutdownA
InitializeAcl
AddAccessAllowedAce
GetLengthSid
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetTokenInformation
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
user32
ShowWindow
SendDlgItemMessageA
EndDialog
MessageBoxA
DialogBoxParamA
SendMessageA
SetParent
LoadStringA
ntdll
NtShutdownSystem
NtAdjustPrivilegesToken
NtOpenProcessToken
NtClose
msvcrt
sprintf
strchr
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ